
Thread: Ports & Windows

  1. #11
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool

    well as far as i can see ur wondering why certain programs can go through ur firewall...
    well its all about permissions... ur programs seem to have permissions to go through the firewall.. like everyone else's.. i gave permissions to some of my proggys to go through the wall and i blocked some.. and i have a lock out mode.. where in case something happens i lock my firewall and only the cmd line can go through..

    as far as the firewall is concerned those proggys of urs are allowed to go through since they are yours.. as for morpheus.. once the program is allowed to go through the wall that means ppl can download from ur puter via morpheus..

    the firewall is basically like a security guard.. if the proggy has a pass.. then it can go through..if not then go away.. lolz..

  2. #12
    Senior Member
    Join Date
    Aug 2001
    Posts
    267

    Ports

    There are a couple of things to know about ports.

    Firstly Ports 0 - 1024 are 'popular ports' and usually blocked (ftp 21, http 80, telnet 23 etc)
    Secondly there are some 'Trojan Ports' like 12345 (net bus) that firewalls block for you.
    Thirdly ports 135-139 are Netbios/IP share ports that you should block inbound.

    When you surf the net, or get email: Your computer uses ports from 1025 to 65355 (outbound) (While blocking 0-1024 inbound.)

    If you look at your netstat list port 80 is the remote computer, and your port is > 1025 and the internal port numbers rise as you keep making connections.

    To use ICQ, you must allow port 4000
    To use IRC, you must allow port 6667 (and sometimes 113 for identification)
    Each IP program has a specific port that it uses (like Morpheus, ICQ, IRC, email, http, etc)

  3. #13
    Junior Member
    Join Date
    Nov 2001
    Posts
    1
    The built in port filtering in 2000 isn't that great. If you have a proper DMZ then this sort of thing wouldn't be an issue.

    Even better is if you use a switch in your DMZ which does layer 2 ACL packet filtering, not real stateful packet inspection, but at least you can drop the packets on ports that you don't want to allow.

  4. #14
    Member
    Join Date
    Jan 2002
    Posts
    58
    While we are on the subject of ports being open, I have a question for y'all. When using NAT with a software firewall on the machine connected to the net, is this a fairly secure method of preventing intrusion? I asked a few other ppl about this and the responses were about even either way. Since most of y'all seem fairly knowledgeable about security and networks, I thought I would ask here.
    Realityisanillusioncreatedbyanalcoholdeficiency.

  5. #15
    Senior Member
    Join Date
    Dec 2001
    Posts
    291
    so with all this said..

    what really is the point of M$ products having a services file?

    odd....
    ~THEJRC~
    I'll preach my pessimism right out loud to anyone that listens!
    I'm not afraid to be alive.... I'm afraid to be alone.

  6. #16
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Originally posted by devolved
    The built in port filtering in 2000 isn't that great. If you have a proper DMZ then this sort of thing wouldn't be an issue.

    Even better is if you use a switch in your DMZ which does layer 2 ACL packet filtering, not real stateful packet inspection, but at least you can drop the packets on ports that you don't want to allow.

    A switch can't do layer 2 packet filtering. Packet filtering is always done at layer 3 as this is where IP resides. Layer 2 does not even look at the IP address, so it is impossible to filter based on a source IP.

    What you can do however with a switch, is block connections on a certain port based on MAC address. Although this would only prevent an unauthorized user from plugging in a different machine to the switch.

    Stateful inspection is simply the process of the firewall keeping certain information about a session (state) in a table. When a reply packet is received, it is simply checked against the state table instead of being processed through the rulebase to verify that it is a valid response. Stateful inspection is typically done at layer 4 because it keeps information about specific ports.

    One more type of filtering, Proxy, is done all the way up at layer 7. Although this is probably the most secure method, it is also the slowest.
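
The state-table behaviour described in post #16, as an added example that is not part of the original thread: a reply is matched against a session table instead of the rulebase, and a stateless "allow source port 80" rule is shown beside it for contrast. The class names, rule sets and addresses are constructed for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str   # "out" = leaving the protected host, "in" = arriving
    src: tuple       # (ip, port)
    dst: tuple       # (ip, port)

class StatefulFilter:
    def __init__(self, allow_out_ports, allow_in_ports=()):
        self.allow_out = set(allow_out_ports)  # rulebase: remote ports we may reach
        self.allow_in = set(allow_in_ports)    # rulebase: local services exposed
        self.state = set()                     # {(local, remote)} for known sessions

    def check(self, pkt):
        outbound = pkt.direction == "out"
        local, remote = (pkt.src, pkt.dst) if outbound else (pkt.dst, pkt.src)
        if (local, remote) in self.state:
            return "allow-state"               # known session: rulebase is skipped
        port = remote[1] if outbound else local[1]
        if port in (self.allow_out if outbound else self.allow_in):
            self.state.add((local, remote))    # first packet: rulebase, then remember
            return "allow-rule"
        return "drop"

def stateless_check(pkt, trusted_src_ports=(80,)):
    # Stateless contrast: inbound is judged on the source port alone, with no memory
    # of whether the protected host ever opened that session.
    if pkt.direction == "out":
        return "allow-rule"
    return "allow-rule" if pkt.src[1] in trusted_src_ports else "drop"

HOST = "192.168.0.10"  # constructed addresses (private and documentation ranges)
PACKETS = [
    Packet("out", (HOST, 1030), ("203.0.113.5", 80)),    # browser opens a session
    Packet("in", ("203.0.113.5", 80), (HOST, 1030)),     # genuine reply
    Packet("in", ("198.51.100.7", 80), (HOST, 1030)),    # unsolicited, source port 80
    Packet("in", ("198.51.100.7", 1029), (HOST, 139)),   # unsolicited, NetBIOS port
]

def run_demo():
    fw = StatefulFilter(allow_out_ports={80})
    return [(fw.check(p), stateless_check(p)) for p in PACKETS]

if __name__ == "__main__":
    for pkt, verdicts in zip(PACKETS, run_demo()):
        print(pkt, "stateful=%s stateless=%s" % verdicts)
```

The third packet is the one to look at: the stateless rule passes it because of its source port, while the state table drops it because no matching outbound session exists.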

  7. #17
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Originally posted by Tortured Spirit
    While we are on the subject of ports being open, I have a question for y'all. When using NAT with a software firewall on the machine connected to the net, is this a fairly secure method of preventing intrusion? I asked a few other ppl about this and the responses were about even either way. Since most of y'all seem fairly knowledgeable about security and networks, I thought I would ask here.

    NAT in itself is not intended to provide any type of security, but what it does provide is obscurity. A static NAT (one-to-one) just maps a single public IP to a single private IP, so everything destined for the public address is simply passed to the private network. So this provides nothing for you at all in the context of security.

    PAT or hide NAT or whatever else you might call it, hides multiple hosts behind a single IP address and this is where the topic of security and NAT can be arguable. Like I said earlier, NAT in itself does not provide any type of security, but certainly if your source IP is disguised, a hacker would have a little bit more of a difficult time, although definitely not impossible.

    Hope this helps!!

  8. #18
    Member
    Join Date
    Jan 2002
    Posts
    58
    Originally posted by iNViCTuS


    NAT in itself is not intended to provide any type of security, but what it does provide is obscurity. A static NAT (one-to-one) just maps a single public IP to a single private IP, so everything destined for the public address is simply passed to the private network. So this provides nothing for you at all in the context of security.

    PAT or hide NAT or whatever else you might call it, hides multiple hosts behind a single IP address and this is where the topic of security and NAT can be arguable. Like I said earlier, NAT in itself does not provide any type of security, but certainly if your source IP is disguised, a hacker would have a little bit more of a difficult time, although definitely not impossible.

    Hope this helps!!

    Understood, with that being said...As long as the gateway machine is firewalled, would it require a bit of work to get thru to a machine on the network?
    I realize of course that it's not gonna be foolproof but considering that I have very little of importance on this home-lan should this setup be good enuff to provide basic invisibility from most of the wannabes and script-kiddies out there?

    Thanks
    Realityisanillusioncreatedbyanalcoholdeficiency.

  9. #19
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Originally posted by Tortured Spirit


    Understood, with that being said...As long as the gateway machine is firewalled, would it require a bit of work to get thru to a machine on the network?

    The key word here is firewalled. Yes, if you have a firewall at the gateway, then that is probably good enough for a home LAN. But many routers can do NAT without providing any firewall protection. If this is the case, I wouldn't trust just NAT to do the job, even against script kiddies. There are too many automated tools available for anyone to do anything. Especially on a wide open network.

  10. #20
    Junior Member
    Join Date
    Jan 2002
    Posts
    4

    Post Help on ports

    When I use netstat, the foreign address is port 80, and my port is 1245, which is a known trojan port. Does this mean that someone is trying to install a trojan on my computer, or that there is already one in there? Is my firewall monitoring this port 1245, or is it just monitoring the remote computer? I use Norton.
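
One way to read the netstat output discussed in posts #12 and #20, as an added example that is not part of the original thread: it separates listening ports from the local source ports of outbound sessions, and flags a port only when something is accepting connections on it. The sample output and the `classify` helper are constructed; the watch list reuses the ports named in post #12, and the inbound/outbound split is a heuristic based on whether the local port also appears as LISTENING.

```python
import re

# Constructed sample in Windows `netstat -an` layout (documentation address ranges).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1245      203.0.113.5:80         ESTABLISHED
  TCP    192.168.0.10:139       198.51.100.7:1029      ESTABLISHED
"""

# Ports post #12 says to block inbound: 135-139 and 12345.
WATCH_PORTS = {12345, *range(135, 140)}

# proto, local port, foreign address, state (state is empty on UDP rows)
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+(\S+)\s*(\S*)")

def classify(netstat_text, watch=WATCH_PORTS):
    """Return (local_port, remote, kind, flagged) for every connection row."""
    matches = (ROW.match(line) for line in netstat_text.splitlines())
    rows = [(int(m[2]), m[3], m[4]) for m in matches if m]
    listening = {lport for lport, _, state in rows if state == "LISTENING"}
    result = []
    for lport, remote, state in rows:
        if state == "LISTENING":
            kind = "listener"            # a local program accepts connections here
        elif state == "ESTABLISHED":
            # Local port also listening: a peer connected in to that service.
            # Otherwise it is the source port the OS picked for an outbound session.
            kind = "inbound" if lport in listening else "outbound"
        else:
            kind = "other"
        # A watched port matters only where the host is accepting connections on it.
        flagged = kind in ("listener", "inbound") and lport in watch
        result.append((lport, remote, kind, flagged))
    return result

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```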
